APPLYING ROWHAMMER

This training covers how the Rowhammer effect can be used to corrupt and recover secrets from a TrustZone implementation. This training is composed of two main parts: a presentation (theoretical) and a practical part.
During the theoretical part we first introduce TrustZone, which is a hardware-based security technique built into processors. After, we cover in detail ‘Rowhammer’, which is a software attack that can be used to generate faults in memory, also known as bit flips. The theoretical part concludes with how to target a TrustZone implementation using Rowhammer.

During the practical part the participant implements a Rowhammer attack themselves with the assistance of the trainers. The participants then use their own implementation to target a TrustZone implementation prepared by eshard.

There is an optional second day which focuses on the mobile “Drammer” attack which is an advanced exploitation of the Rowhammer effect used to gain root privileges on an un-rooted android device. This part contains a presentation of the attack and a practical part where the participant implement the attack themselves.

This training ties in well with eshard’s other TEE related training courses, such as ‘TEE TrustZone, how to reproduce an exploit’ and our ‘TrustZone V7-A, V8-M and Trusty’ course. Following these courses prior to attending this course is not necessary, though you may be interested in learning more about the specifics discussed in these courses.